package cn.bdqn.util;


import cn.bdqn.service.UserService;
import cn.bdqn.service.UserService1;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;


/**
 * @ProjectName: springbootSecurity
 * @Package: cn.bdqn.security.util
 * @Author: huat
 * @Date: 2019/12/14 8:06
 * @Version: 1.0
 */

/**
 * 开启security注解支持
 * @EnableWebSecurity
 * (securedEnabled=true) 开启@Secured 注解过滤权限
 * (jsr250Enabled=true)开启@RolesAllowed 注解过滤权限
 * (prePostEnabled=true) 使用表达式时间方法级别的安全性         4个注解可用
 * @EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled=true,jsr250Enabled=true)
 */
@Configuration
@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled=true,jsr250Enabled=true)
public class SpringSercurityConfig extends WebSecurityConfigurerAdapter {
   /* @Autowired
    UserService1 userService;*/
   @Autowired
   UserService userService;

    /**
     * 将security中加密方式注入到spring容器中
     * @return
     */
    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
    /**
     * 将账号密码设置在内存当中
     * @param auth
     * @throws Exception
     */
    @Override
    public  void configure(AuthenticationManagerBuilder auth) throws Exception {
       auth
       //将UserDetailsService放到容器中
       .userDetailsService(userService)
       //加密方式放入
       .passwordEncoder(passwordEncoder());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        //释放静态资源，指定资源拦截规则，
        // 指定自定义认证页面，指定退出认证配置，csrf（跨域伪造请求）配置
        http.authorizeRequests()
                .antMatchers("intoLogin","login.jsp","/css/**","fail.jsp","/intoIndex","/index.jsp").permitAll()//释放这些资源，允许匿名访问
               .antMatchers("/**").hasAnyRole("ADMIN","USER")
                .anyRequest().authenticated()//其他资源需要认证
                .and()
                .formLogin()
                .loginPage("/intoLogin")//登陆页请求的接口
                .loginProcessingUrl("/dologin")//登陆地址，由springSecurity提供
                .successForwardUrl("/intoTest")//登陆成功
                .failureForwardUrl("/intoFail")//登录失败
                .permitAll()//指定所有资源释放
                .and()
                .logout()//登出
                .logoutUrl("/logout")//指定登出路径
                .logoutSuccessUrl("/login.jsp")//登出成功后跳转的url
                .invalidateHttpSession(true)//是否清空session
                .permitAll()
                .and()
                .csrf()
                .disable();//关闭csrf（跨域伪造请求）
    }
}
